III. 35 U.S.C. § 102 (e)-Anticipation-Creigftton et al. 

The Office action has rejected claims 1, 2, 5, 8, 11, 12, 
15, 18, 21, 22, 25, 28 under 35 U.S.C. § 102(e) as anticipated by 
Creighton et al . , "Systems and methods for secured electronic 
5 transactions", U.S. Patent Application Number 2002/0035686, 

filed 07/14/2000, issued 03/21/2002. This rejection is 
respectfully traversed. 

Independent claims 1, 11, and 21 have been amended to 
incorporate features from two dependent claims, said features 

10 previously included within claims 5, 8, 15, 18, 25, and 28, 

which are now canceled; for example, claims 5 and 8 have been 
canceled while incorporating their subject matter into 
independent claim 1. The independent claims, as amended, 
contain the feature of prompting the user for authentication 

is data, such as a username/password pair or other authentication 

data, which is then included the PKI credential request that is 
sent to a certificate issuing authority; the prompting operation 
is performed in response to receiving the pre-regist ration 
record that initiates the process for obtaining PKI credentials. 

20 In addition, the independent claims, as amended, also contain 

the feature of receiving at least a public key certificate and 
an attribute certificate when the PKI credentials are received, 
and the attribute certificate contains the user-provided 
authentication data . 
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With respect to dependent claims 5, 15, and 25, along with 



dependent claims 8, 18, and 28, the rejection states that 
Creighton et al . at paragraphs 36 and 37 discloses the claimed 
features concerning an attribute certificate that is received in 
5 response to the PKI credential request, wherein the attribute 

certificate contains user-provided authentication data. 
Applicant strongly disagrees. Creighton et al . does not 
disclose the use of attribute certificates in any manner. 
Paragraphs 36 and 37 state: 

io [0036] The certification authority authenticates the RA and 

sets up the RA in the certification authority system, 
according to step 310. The set-up includes entering RA 
information in the computer and giving access to the RA to 
a registration interface to establish registration 

15 individuals (RIs) , according to step 310. The RIs can then 

securely access a registration graphical user interface 
(GUI) in a secured web site offered by the certification 
authority and register employees , for example , by uploading 
an excel spreadsheet or using an HTML form, according to 

20 step 315. The certification authority system generates a 

user identification code and a personal identity number 
(PIN), stores them in the database, and creates a PDF 
(portable document format) form for each registered 
employee, according to step 320. This is preferably done in 

25 real time. The RI ' s can download the PDF form with the pre- 

registration information, according to step 330, and 
securely deliver it, for example , in a sealed envelope to 
that employee, according to step 335. The delivery of the 
PDF form can also be done through other secure electronic 

30 transmissions. The employee can then make a certificate 

request via the secured web site provided by the 
certification authority, according to step 340. The 
employees are asked to enter their user identification code 
and PIN and also enter registration information, for 

35 example using an HTML form. As an additional authentication 

step a determination is then made whether the employee's 
pre-registration information stored in the certificate 
database matches the pre-registration information entered 
into the request, according to block 345. If it matches, 

40 then a digital certificate is created and e-mailed to the 

employee, according to block 350. If the information in the 
request does not match the stored pre-registration 
information, then the request is denied, according to block 
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355. Fulfillment of the whole process will typically take 
less than a few minutes to be completed, generally less 
than about three minutes. 

[0037] A digital certificate issued to an authenticated 
employee may contain among other information the employee's 
identification information, the company's information, the 
level of authority, typically expressed in terms of dollar, 
granted by the company to this employee, etc. The company 
can determine what information to include in a digital 
certificate by providing this information to the 
certification authority while pre-registering the employee. 

As should be apparent by reference to paragraph 37 et al., 
Creighton et al . generally discloses a digital certificate is 
generated and returned to a user for the purposes of engaging in 
secure electronic transactions. Creighton et al. does not 
specify any detail of the type of digital certificate that might 
be returned, and Creighto n et al. implies that a public key 
certificate is the only type of digital certificate that is 
returned. Again, Creighton et al . does not disclose the use of 
attribute certificates in any manner. 

In contrast, the user in the present invention obtains 
multiple digital certificates in response to a single PKI 
credential request. In addition, the user in the present 
invention receives an attribute certificate along with a public 
key certificate. These features are clearly claimed in the 
independent claims, as amended. 

Moreover, although Creighton et al . discloses a set of 
steps in which a user enters authentication data during the 
process to obtain a digital certificate, the authentication data 
is used by the certification authority to authenticate the user 
prior to creating and returning a digital certificate. As 
disclosed in paragraph 36: 

The employees are asked to enter their user identification 
code and PIN and also enter registration information, for 
example using an HTML form. As an additional authentication 
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step a determination is then made whether the employee's 
pre-registration information stored in the certificate 
database matches the pre-registration information entered 
into the request, according to block 345. If it matches, 
5 then a digital certificate is created and e-mailed to the 

employee, according to block 350. 

In addition, as stated in paragraph 36, "the certification 
authority generates a user identification code and a personal 

10 identity number (PIN)". In other words, the authentication data 

that is entered by the user and then used by the certification 
authority has a special, one-time purpose, i.e. to verify that 
the user that returns the request for the digital certificate is 
a user that has been properly referred by the registration 

15 authority back to the certification authority for a digital 

certificate . 

In contrast, the user in the present invention enters 
authentication data for the purposes of providing the 
authentication data that will be embedded within the attribute 

20 certificate that is returned to the user. These features are 

clearly claimed in the independent claims, as amended. 

Creighton et al . clearly does not disclose features as 
required by the language of the amended independent claims of 
the present application. As stated at MPEP § 2131: "A claim is 

25 anticipated only if each and every element as set forth in the 

claim is found, either expressly or inherently described, in a 
single prior art reference." Verdegaal Bros. v. Union Oil Co. 
of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 
1987). "The identical invention must be shown in as complete 

30 detail as is contained in the ... claim." Richardson v. Suzuki 

Motor Co., 868 F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 
1989) . Hence, for this and other reasons, Creighton et al. 
cannot be used as an anticipatory reference, and the 
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anticipatory rejections of the claims have been overcome, 
whereby Applicant requests the withdrawal of the rejections. 

IV. 35 U.S.C. § 103 (a) -Obviousness 

The Office action has rejected claims 3, 9, 13, 19, 23, and 
29 under 35 U.S.C. § 103(a) as unpatentable over Creighton et al. 
in view of Padgett et al., "Digital Signature Providing Non- 
Repudiation Based on Biological Indicia", U.S. Patent Number 
6,535,978 Bl, filed 07/28/1998, issued 03/18/2003. This 
rejection is traversed. 

The Office action has also rejected claims 4, 10, 14, 20, 
24, and 30 under 35 U.S.C. § 103(a) as unpatentable over 
Creighton et al . in view of Brown et al., "System and method for 
document-driven processing of digitally-signed electronic 
documents", U.S. Patent Number 6,671,805 Bl, filed 06/17/1999, 
issued 12/30/2003. This rejection is also traversed. 

The Office action has also rejected claims 6, 16, and 26 
under 35 U.S.C. § 103(a) as unpatentable over Creighton et al. in 
view of Schneider, "Method, product, and apparatus for 
deliverying a message", U.S. Patent Application Number 
2002/0010745, filed 12/08/2000, issued 01/24/2002. This 
rejection is also traversed. 

The Office action has also rejected claims 7, 17, and 27 
under 35 U.S.C. § 103(a) as unpatentable over Creighton et al. in 
view of Stewart et al., "Network communication service with an 
improved subscriber model using digital certificates", U.S. 
Patent Number 6,571,221 Bl, filed 11/03/1999, issued 05/27/2003. 
This rejection is also traversed. 

The Office action has rejected some of the dependent claims 
using obviousness arguments based on Creighton et al. as a 
primary reference and a set of secondary references. The 
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dependent claims contains various features, such as the manner 
in which the PKI credentials are stored upon receipt. 

Creighton et al. was used as the basis for an anticipatory 
rejection of the independent claims. In response, Applicant has 
amended the independent claims to include features that are not 
disclosed within Creighton et al . nor within any of the prior 
art references that have been used as secondary references 
within the obviousness rejections. Thus, the applied prior art 
cannot by combined to reach the claimed features of the present 
invention . 

Examiner bears the burden of establishing a prima facie 
case of obviousness 

The examiner bears the burden of establishing a prima facie 
case of obviousness based on the prior art when rejecting claims 
under 35 U.S.C. § 103. In re Fritch, 972 F.2d 1260, 23 
U.S.P.Q.2d 1780 (Fed. Cir. 1992). Only when a prima facie case of 
obviousness is established does the burden shift to the applicant 
to produce evidence of nonobviousness . In re Oetiker, 977 F.2d 
1443, 1445, 24 U.S.P.Q.2d 1443, 1444 (Fed. Cir. 1992); In re 
Rijckaert, 9 F.3d 1531, 1532, 28 U.S.P.Q.2d 1955, 1956 (Fed. Cir. 
1993) . If the Patent Office does not produce a prima facie case 
of unpatentability, then without more the applicant is entitled 
to grant of a patent. In re OetiArer, 977 F.2d 1443, 1445, 24 
U.S. P.Q. 2d 1443, 1444 (Fed. Cir. 1992); In re Grabiak, 769 F.2d 
729, 733, 226 U.S. P.Q. 870, 873 (Fed. Cir. 1985). In response to 
an assertion of obviousness by the Patent Office, the applicant 
may attack the Patent Office's prima facie determination as 
improperly made out, present objective evidence tending to 
support a conclusion of nonobviousness, or both. In re Fritch, 
972 F.2d 1260, 1265, 23 U.S. P.Q. 2d 1780, 1783 (Fed. Cir. 1992). 



Page 15 

Benantar et al. - 09/821,081 



The applied prior art references clearly fail to disclose 
at least one feature of the present invention as recited within 
each independent claim, notwithstanding the obviousness 
arguments presented by the Office action, thereby rendering the 
5 applied prior art references incapable of being used as primary 

and secondary references as argued by the current rejection. 
Moreover, a hypothetical combination of the applied prior art 
references would also fail to reach the claimed invention of the 
present patent application. As should be recognized, because 

10 the applied prior art references in the rejections fail to 

disclose the claimed features against which the references were 
applied, and because the references fail to be combinable to 
produce these claimed features, the rejection fails to fulfill 
the requirements of a proper obviousness argument. 

15 With respect to the claims of the present patent 

application, Applicant respectfully submits that it would not 
have been obvious for one having ordinary skill in the art to 
have used the applied prior art references to reach the claimed 
invention . Hence , a re j ect ion of the claims cannot be based upon 

20 the cited prior art to establish a prima facie case of 

obviousness. Therefore, a rejection of the claims under 35 
U.S.C. § 103(a) has been shown to be insupportable in view of 
the cited prior art, and the claims are patentable over the 
applied references. Applicant respectfully requests the 

25 withdrawal of the rejection of the claims. 
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V. Conclusion 

It is respectfully urged that the present patent 
application is patentable, and Applicant kindly requests a 
Notice of Allowance. 

For any other outstanding matters or issues, the examiner 
is urged to call or fax the below-listed telephone numbers to 
expedite the prosecution and examination of this application. 

DATE: September 27, 2006 Respectfully submitted, 



R^g. /No. 3/l,/633 

Attorney /or applicant 
/ 
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